diff --git a/.common-ci.yml b/.common-ci.yml index 2b754154..04f648ae 100644 --- a/.common-ci.yml +++ b/.common-ci.yml @@ -74,60 +74,29 @@ trigger-pipeline: - when: always # Define the distribution targets -.dist-amazonlinux2: - rules: - - !reference [.main-or-manual, rules] - variables: - DIST: amazonlinux2 - PACKAGE_REPO_TYPE: rpm - .dist-centos7: rules: - !reference [.main-or-manual, rules] variables: DIST: centos7 - CVE_UPDATES: "cyrus-sasl-lib" - PACKAGE_REPO_TYPE: rpm .dist-centos8: variables: DIST: centos8 - CVE_UPDATES: "cyrus-sasl-lib" - PACKAGE_REPO_TYPE: rpm - -.dist-debian10: - rules: - - !reference [.main-or-manual, rules] - variables: - DIST: debian10 - PACKAGE_REPO_TYPE: debian - -.dist-opensuse-leap15.1: - rules: - - !reference [.main-or-manual, rules] - variables: - DIST: opensuse-leap15.1 - PACKAGE_REPO_TYPE: rpm .dist-ubi8: rules: - !reference [.main-or-manual, rules] variables: DIST: ubi8 - CVE_UPDATES: "cyrus-sasl-lib" - PACKAGE_REPO_TYPE: rpm .dist-ubuntu18.04: variables: DIST: ubuntu18.04 - CVE_UPDATES: "libsasl2-2 libsasl2-modules-db" - PACKAGE_REPO_TYPE: debian .dist-ubuntu20.04: variables: DIST: ubuntu20.04 - CVE_UPDATES: "libsasl2-2 libsasl2-modules-db" - PACKAGE_REPO_TYPE: debian .dist-packaging: variables: diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4e606398..1c84955e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -126,18 +126,6 @@ package-meta-packages: paths: - ${ARTIFACTS_ROOT} -package-amazonlinux2-aarch64: - extends: - - .package-build - - .dist-amazonlinux2 - - .arch-aarch64 - -package-amazonlinux2-x86_64: - extends: - - .package-build - - .dist-amazonlinux2 - - .arch-x86_64 - package-centos7-x86_64: extends: - .package-build 
@@ -162,18 +150,6 @@ package-centos8-x86_64: - .dist-centos8 - .arch-x86_64 -package-debian10-amd64: - extends: - - .package-build - - .dist-debian10 - - .arch-amd64 - -package-opensuse-leap15.1-x86_64: - extends: - - .package-build - - .dist-opensuse-leap15.1 - - .arch-x86_64 - package-ubuntu18.04-amd64: extends: - .package-build diff --git a/build/container/Dockerfile.centos b/build/container/Dockerfile.centos index 2914b2ba..4875084c 100644 --- a/build/container/Dockerfile.centos +++ b/build/container/Dockerfile.centos @@ -87,11 +87,4 @@ LABEL description="See summary" RUN mkdir /licenses && mv /NGC-DL-CONTAINER-LICENSE /licenses/NGC-DL-CONTAINER-LICENSE -# Install / upgrade packages here that are required to resolve CVEs -ARG CVE_UPDATES -RUN if [ -n "${CVE_UPDATES}" ]; then \ - yum update -y ${CVE_UPDATES} && \ - rm -rf /var/cache/yum/*; \ - fi - ENTRYPOINT ["/work/nvidia-toolkit"] diff --git a/build/container/Dockerfile.ubuntu b/build/container/Dockerfile.ubuntu index 480767da..2efb95bf 100644 --- a/build/container/Dockerfile.ubuntu +++ b/build/container/Dockerfile.ubuntu @@ -95,11 +95,4 @@ LABEL description="See summary" RUN mkdir /licenses && mv /NGC-DL-CONTAINER-LICENSE /licenses/NGC-DL-CONTAINER-LICENSE -# Install / upgrade packages here that are required to resolve CVEs -ARG CVE_UPDATES -RUN if [ -n "${CVE_UPDATES}" ]; then \ - apt-get update && apt-get upgrade -y ${CVE_UPDATES} && \ - rm -rf /var/lib/apt/lists/*; \ - fi - ENTRYPOINT ["/work/nvidia-toolkit"] diff --git a/build/container/Makefile b/build/container/Makefile index 64d99806..6ec570fa 100644 --- a/build/container/Makefile +++ b/build/container/Makefile @@ -107,7 +107,6 @@ $(BUILD_TARGETS): build-%: $(ARTIFACTS_ROOT) --build-arg GIT_COMMIT_SHORT="$(GIT_COMMIT_SHORT)" \ --build-arg GIT_BRANCH="$(GIT_BRANCH)" \ --build-arg SOURCE_DATE_EPOCH="$(SOURCE_DATE_EPOCH)" \ - --build-arg CVE_UPDATES="$(CVE_UPDATES)" \ -f $(DOCKERFILE) \ $(CURDIR) 
@@ -144,15 +143,11 @@ $(TEST_TARGETS): test-%:
 test-packaging: DIST = packaging
 test-packaging:
 @echo "Testing package image contents"
- @$(DOCKER) run --rm $(IMAGE) test -d "/artifacts/packages/amazonlinux2/aarch64" || echo "Missing amazonlinux2/aarch64"
- @$(DOCKER) run --rm $(IMAGE) test -d "/artifacts/packages/amazonlinux2/x86_64" || echo "Missing amazonlinux2/x86_64"
 @$(DOCKER) run --rm $(IMAGE) test -d "/artifacts/packages/centos7/ppc64le" || echo "Missing centos7/ppc64le"
 @$(DOCKER) run --rm $(IMAGE) test -d "/artifacts/packages/centos7/x86_64" || echo "Missing centos7/x86_64"
 @$(DOCKER) run --rm $(IMAGE) test -d "/artifacts/packages/centos8/aarch64" || echo "Missing centos8/aarch64"
 @$(DOCKER) run --rm $(IMAGE) test -d "/artifacts/packages/centos8/ppc64le" || echo "Missing centos8/ppc64le"
 @$(DOCKER) run --rm $(IMAGE) test -d "/artifacts/packages/centos8/x86_64" || echo "Missing centos8/x86_64"
- @$(DOCKER) run --rm $(IMAGE) test -d "/artifacts/packages/debian10/amd64" || echo "Missing debian10/amd64"
- @$(DOCKER) run --rm $(IMAGE) test -d "/artifacts/packages/opensuse-leap15.1/x86_64" || echo "Missing opensuse-leap15.1/x86_64"
 @$(DOCKER) run --rm $(IMAGE) test -d "/artifacts/packages/ubuntu18.04/amd64" || echo "Missing ubuntu18.04/amd64"
 @$(DOCKER) run --rm $(IMAGE) test -d "/artifacts/packages/ubuntu18.04/arm64" || echo "Missing ubuntu18.04/arm64"
 @$(DOCKER) run --rm $(IMAGE) test -d "/artifacts/packages/ubuntu18.04/ppc64le" || echo "Missing ubuntu18.04/ppc64le"
diff --git a/config/config.toml.debian b/config/config.toml.debian
deleted file mode 100644
index 225ec450..00000000
--- a/config/config.toml.debian
+++ /dev/null
@@ -1,32 +0,0 @@
-disable-require = false
-#swarm-resource = "DOCKER_RESOURCE_GPU"
-#accept-nvidia-visible-devices-envvar-when-unprivileged = true
-#accept-nvidia-visible-devices-as-volume-mounts = false
-
-[nvidia-container-cli]
-#root = "/run/nvidia/driver"
-#path = "/usr/bin/nvidia-container-cli"
-environment = []
-#debug = "/var/log/nvidia-container-toolkit.log"
-#ldcache = "/etc/ld.so.cache"
-load-kmods = true
-#no-cgroups = false
-#user = "root:video"
-ldconfig = "@/sbin/ldconfig"
-
-[nvidia-container-runtime]
-#debug = "/var/log/nvidia-container-runtime.log"
-log-level = "info"
-
-# Specify the runtimes to consider. This list is processed in order and the PATH
-# searched for matching executables unless the entry is an absolute path.
-runtimes = [
- "docker-runc",
- "runc",
-]
-
-mode = "auto"
-
- [nvidia-container-runtime.modes.csv]
-
- mount-spec-path = "/etc/nvidia-container-runtime/host-files-for-container.d"
diff --git a/config/config.toml.opensuse-leap b/config/config.toml.opensuse-leap
deleted file mode 100644
index e99585d3..00000000
--- a/config/config.toml.opensuse-leap
+++ /dev/null
@@ -1,32 +0,0 @@
-disable-require = false
-#swarm-resource = "DOCKER_RESOURCE_GPU"
-#accept-nvidia-visible-devices-envvar-when-unprivileged = true
-#accept-nvidia-visible-devices-as-volume-mounts = false
-
-[nvidia-container-cli]
-#root = "/run/nvidia/driver"
-#path = "/usr/bin/nvidia-container-cli"
-environment = []
-#debug = "/var/log/nvidia-container-toolkit.log"
-#ldcache = "/etc/ld.so.cache"
-load-kmods = true
-#no-cgroups = false
-user = "root:video"
-ldconfig = "@/sbin/ldconfig"
-
-[nvidia-container-runtime]
-#debug = "/var/log/nvidia-container-runtime.log"
-log-level = "info"
-
-# Specify the runtimes to consider. This list is processed in order and the PATH
-# searched for matching executables unless the entry is an absolute path.
-runtimes = [
- "docker-runc",
- "runc",
-]
-
-mode = "auto"
-
- [nvidia-container-runtime.modes.csv]
-
- mount-spec-path = "/etc/nvidia-container-runtime/host-files-for-container.d"
diff --git a/config/config.toml.rpm-yum b/config/config.toml.rpm-yum
deleted file mode 100644
index 225ec450..00000000
--- a/config/config.toml.rpm-yum
+++ /dev/null
@@ -1,32 +0,0 @@
-disable-require = false
-#swarm-resource = "DOCKER_RESOURCE_GPU"
-#accept-nvidia-visible-devices-envvar-when-unprivileged = true
-#accept-nvidia-visible-devices-as-volume-mounts = false
-
-[nvidia-container-cli]
-#root = "/run/nvidia/driver"
-#path = "/usr/bin/nvidia-container-cli"
-environment = []
-#debug = "/var/log/nvidia-container-toolkit.log"
-#ldcache = "/etc/ld.so.cache"
-load-kmods = true
-#no-cgroups = false
-#user = "root:video"
-ldconfig = "@/sbin/ldconfig"
-
-[nvidia-container-runtime]
-#debug = "/var/log/nvidia-container-runtime.log"
-log-level = "info"
-
-# Specify the runtimes to consider. This list is processed in order and the PATH
-# searched for matching executables unless the entry is an absolute path.
-runtimes = [
- "docker-runc",
- "runc",
-]
-
-mode = "auto"
-
- [nvidia-container-runtime.modes.csv]
-
- mount-spec-path = "/etc/nvidia-container-runtime/host-files-for-container.d"
diff --git a/config/config.toml.ubuntu b/config/config.toml.ubuntu
deleted file mode 100644
index e9515fd2..00000000
--- a/config/config.toml.ubuntu
+++ /dev/null
@@ -1,32 +0,0 @@ -disable-require = false -#swarm-resource = "DOCKER_RESOURCE_GPU" -#accept-nvidia-visible-devices-envvar-when-unprivileged = true -#accept-nvidia-visible-devices-as-volume-mounts = false - -[nvidia-container-cli] -#root = "/run/nvidia/driver" -#path = "/usr/bin/nvidia-container-cli" -environment = [] -#debug = "/var/log/nvidia-container-toolkit.log" -#ldcache = "/etc/ld.so.cache" -load-kmods = true -#no-cgroups = false -#user = "root:video" -ldconfig = "@/sbin/ldconfig.real" - -[nvidia-container-runtime] -#debug = "/var/log/nvidia-container-runtime.log" -log-level = "info" - -# Specify the runtimes to consider. This list is processed in order and the PATH -# searched for matching executables unless the entry is an absolute path. -runtimes = [ - "docker-runc", - "runc", -] - -mode = "auto" - - [nvidia-container-runtime.modes.csv] - - mount-spec-path = "/etc/nvidia-container-runtime/host-files-for-container.d" diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian index 602e3266..df576af7 100644 --- a/docker/Dockerfile.debian +++ b/docker/Dockerfile.debian @@ -53,15 +53,6 @@ ARG GIT_COMMIT ENV GIT_COMMIT ${GIT_COMMIT} RUN make PREFIX=${DIST_DIR} cmds -ARG CONFIG_TOML_SUFFIX -ENV CONFIG_TOML_SUFFIX ${CONFIG_TOML_SUFFIX} -COPY config/config.toml.${CONFIG_TOML_SUFFIX} $DIST_DIR/config.toml - -# Debian Jessie still had ldconfig.real -RUN if [ "$(lsb_release -cs)" = "jessie" ]; then \ - sed -i 's;"@/sbin/ldconfig";"@/sbin/ldconfig.real";' $DIST_DIR/config.toml; \ - fi - WORKDIR $DIST_DIR COPY packaging/debian ./debian diff --git a/docker/Dockerfile.opensuse-leap b/docker/Dockerfile.opensuse-leap index 09402a89..93e70a92 100644 --- a/docker/Dockerfile.opensuse-leap +++ b/docker/Dockerfile.opensuse-leap 
@@ -50,10 +50,6 @@ COPY oci-nvidia-hook $DIST_DIR/oci-nvidia-hook # Hook for libpod/CRI-O: https://github.com/containers/libpod/blob/v0.8.5/pkg/hooks/docs/oci-hooks.5.md COPY oci-nvidia-hook.json $DIST_DIR/oci-nvidia-hook.json -ARG CONFIG_TOML_SUFFIX -ENV CONFIG_TOML_SUFFIX ${CONFIG_TOML_SUFFIX} -COPY config/config.toml.${CONFIG_TOML_SUFFIX} $DIST_DIR/config.toml - WORKDIR $DIST_DIR/.. COPY packaging/rpm . diff --git a/docker/Dockerfile.rpm-yum b/docker/Dockerfile.rpm-yum index 6e5d8456..91f2d75c 100644 --- a/docker/Dockerfile.rpm-yum +++ b/docker/Dockerfile.rpm-yum @@ -62,10 +62,6 @@ ARG GIT_COMMIT ENV GIT_COMMIT ${GIT_COMMIT} RUN make PREFIX=${DIST_DIR} cmds -ARG CONFIG_TOML_SUFFIX -ENV CONFIG_TOML_SUFFIX ${CONFIG_TOML_SUFFIX} -COPY config/config.toml.${CONFIG_TOML_SUFFIX} $DIST_DIR/config.toml - # Hook for Project Atomic's fork of Docker: https://github.com/projectatomic/docker/tree/docker-1.13.1-rhel#add-dockerhooks-exec-custom-hooks-for-prestartpoststop-containerspatch COPY oci-nvidia-hook $DIST_DIR/oci-nvidia-hook diff --git a/docker/Dockerfile.ubuntu b/docker/Dockerfile.ubuntu index cf340b11..674d74a4 100644 --- a/docker/Dockerfile.ubuntu +++ b/docker/Dockerfile.ubuntu @@ -51,10 +51,6 @@ ARG GIT_COMMIT ENV GIT_COMMIT ${GIT_COMMIT} RUN make PREFIX=${DIST_DIR} cmds -ARG CONFIG_TOML_SUFFIX -ENV CONFIG_TOML_SUFFIX ${CONFIG_TOML_SUFFIX} -COPY config/config.toml.${CONFIG_TOML_SUFFIX} $DIST_DIR/config.toml - WORKDIR $DIST_DIR COPY packaging/debian ./debian diff --git a/docker/docker.mk b/docker/docker.mk index d8a2a898..3f51c873 100644 --- a/docker/docker.mk +++ b/docker/docker.mk 
@@ -99,13 +99,11 @@ LIBNVIDIA_CONTAINER_TOOLS_VERSION := $(LIBNVIDIA_CONTAINER_VERSION)$(if $(LIBNVI # private centos target --centos%: OS := centos --centos%: DOCKERFILE = $(CURDIR)/docker/Dockerfile.rpm-yum ---centos%: CONFIG_TOML_SUFFIX := rpm-yum --centos8%: BASEIMAGE = quay.io/centos/centos:stream8 # private amazonlinux target --amazonlinux%: OS := amazonlinux --amazonlinux%: DOCKERFILE = $(CURDIR)/docker/Dockerfile.rpm-yum ---amazonlinux%: CONFIG_TOML_SUFFIX := rpm-yum # private opensuse-leap target --opensuse-leap%: OS = opensuse-leap @@ -116,13 +114,9 @@ LIBNVIDIA_CONTAINER_TOOLS_VERSION := $(LIBNVIDIA_CONTAINER_VERSION)$(if $(LIBNVI --rhel%: VERSION = $(patsubst rhel%-$(ARCH),%,$(TARGET_PLATFORM)) --rhel%: ARTIFACTS_DIR = $(DIST_DIR)/rhel$(VERSION)/$(ARCH) --rhel%: DOCKERFILE = $(CURDIR)/docker/Dockerfile.rpm-yum ---rhel%: CONFIG_TOML_SUFFIX := rpm-yum --rhel8%: BASEIMAGE = quay.io/centos/centos:stream8 -# We allow the CONFIG_TOML_SUFFIX to be overridden. -CONFIG_TOML_SUFFIX ?= $(OS) - docker-build-%: @echo "Building for $(TARGET_PLATFORM)" docker pull --platform=linux/$(ARCH) $(BASEIMAGE) @@ -136,7 +130,6 @@ docker-build-%: --build-arg PKG_VERS="$(PACKAGE_VERSION)" \ --build-arg PKG_REV="$(PACKAGE_REVISION)" \ --build-arg LIBNVIDIA_CONTAINER_TOOLS_VERSION="$(LIBNVIDIA_CONTAINER_TOOLS_VERSION)" \ - --build-arg CONFIG_TOML_SUFFIX="$(CONFIG_TOML_SUFFIX)" \ --build-arg GIT_COMMIT="$(GIT_COMMIT)" \ --tag $(BUILDIMAGE) \ --file $(DOCKERFILE) . diff --git a/packaging/debian/nvidia-container-toolkit-base.install b/packaging/debian/nvidia-container-toolkit-base.install index 3b183ed2..af03bd06 100644 --- a/packaging/debian/nvidia-container-toolkit-base.install +++ b/packaging/debian/nvidia-container-toolkit-base.install @@ -1,3 +1,2 @@ -config.toml /etc/nvidia-container-runtime nvidia-container-runtime /usr/bin nvidia-ctk /usr/bin 
diff --git a/packaging/rpm/SPECS/nvidia-container-toolkit.spec b/packaging/rpm/SPECS/nvidia-container-toolkit.spec index ed44bc37..98130aa5 100644 --- a/packaging/rpm/SPECS/nvidia-container-toolkit.spec +++ b/packaging/rpm/SPECS/nvidia-container-toolkit.spec @@ -12,13 +12,12 @@ License: Apache-2.0 Source0: nvidia-container-runtime-hook Source1: nvidia-ctk -Source2: config.toml -Source3: oci-nvidia-hook -Source4: oci-nvidia-hook.json -Source5: LICENSE -Source6: nvidia-container-runtime -Source7: nvidia-container-runtime.cdi -Source8: nvidia-container-runtime.legacy +Source2: oci-nvidia-hook +Source3: oci-nvidia-hook.json +Source4: LICENSE +Source5: nvidia-container-runtime +Source6: nvidia-container-runtime.cdi +Source7: nvidia-container-runtime.legacy Obsoletes: nvidia-container-runtime <= 3.5.0-1, nvidia-container-runtime-hook <= 1.4.0-2 Provides: nvidia-container-runtime @@ -37,7 +36,7 @@ Requires: libseccomp Provides tools and utilities to enable GPU support in containers. %prep -cp %{SOURCE0} %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE7} %{SOURCE8} . +cp %{SOURCE0} %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE7} . %install mkdir -p %{buildroot}%{_bindir} @@ -47,9 +46,6 @@ install -m 755 -t %{buildroot}%{_bindir} nvidia-container-runtime.cdi install -m 755 -t %{buildroot}%{_bindir} nvidia-container-runtime.legacy install -m 755 -t %{buildroot}%{_bindir} nvidia-ctk -mkdir -p %{buildroot}/etc/nvidia-container-runtime -install -m 644 -t %{buildroot}/etc/nvidia-container-runtime config.toml - mkdir -p %{buildroot}/usr/libexec/oci/hooks.d install -m 755 -t %{buildroot}/usr/libexec/oci/hooks.d oci-nvidia-hook @@ -100,7 +96,6 @@ Provides tools such as the NVIDIA Container Runtime and NVIDIA Container Toolkit %files base %license LICENSE -%config /etc/nvidia-container-runtime/config.toml %{_bindir}/nvidia-container-runtime %{_bindir}/nvidia-ctk 
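Review bot: With `Source2: config.toml` dropped in the first hunk and `%config /etc/nvidia-container-runtime/config.toml` removed from `%files base` in the last one, the base package no longer owns the runtime configuration, and none of the visible spec hunks adds a scriptlet that creates it. On upgrade from a release that shipped the file, rpm would presumably remove an unmodified copy or rename a modified one to `.rpmsave`, leaving the runtime on whatever defaults apply when the file is absent. Those defaults have to reproduce the per-distribution values the deleted templates carried (`user = "root:video"` for openSUSE, `ldconfig = "@/sbin/ldconfig.real"` for Ubuntu), because `ldconfig`, `user` and the `accept-nvidia-visible-devices-*` switches determine what a container is allowed to reach. I would add a comment above `%files base`, for example `# config.toml is no longer packaged; it is created by <placeholder: install-time step>`, so packagers and auditors know where the effective configuration comes from.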
diff --git a/scripts/build-packages.sh b/scripts/build-packages.sh index 7d424838..c6fa086b 100755 --- a/scripts/build-packages.sh +++ b/scripts/build-packages.sh @@ -23,22 +23,7 @@ set -e SCRIPTS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../scripts && pwd )" -# This list represents the distribution-architecture pairs that are actually published -# to the relevant repositories. This targets forwarded to the build-all-components script -# can be overridden by specifying command line arguments. -all=( - amazonlinux2-aarch64 - amazonlinux2-x86_64 - centos7-x86_64 - centos8-aarch64 - centos8-ppc64le - centos8-x86_64 - debian10-amd64 - opensuse-leap15.1-x86_64 - ubuntu18.04-amd64 - ubuntu18.04-arm64 - ubuntu18.04-ppc64le -) +source "${SCRIPTS_DIR}"/utils.sh if [[ $# -gt 0 ]]; then targets=($*) diff --git a/scripts/release-packages.sh b/scripts/release-packages.sh index ccc73026..1d777d70 100755 --- a/scripts/release-packages.sh +++ b/scripts/release-packages.sh @@ -153,23 +153,6 @@ function sync() { fi } -# This list represents the distribution-architecture pairs that are actually published -# to the relevant repositories. This targets forwarded to the build-all-components script -# can be overridden by specifying command line arguments. -all=( - amazonlinux2-aarch64 - amazonlinux2-x86_64 - centos7-x86_64 - centos8-aarch64 - centos8-ppc64le - centos8-x86_64 - debian10-amd64 - opensuse-leap15.1-x86_64 - ubuntu18.04-amd64 - ubuntu18.04-arm64 - ubuntu18.04-ppc64le -) - targets=${all[@]} _current_branch=$(git -C ${PACKAGE_REPO_ROOT} rev-parse --abbrev-ref HEAD) diff --git a/scripts/utils.sh b/scripts/utils.sh index 70887d31..7c830eee 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh 
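Review bot: The default target list `all` that build-packages.sh presumably falls back to is now defined only as a side effect of the added `source "${SCRIPTS_DIR}"/utils.sh`, and nothing on that line says so; a comment such as `# utils.sh defines the default target list "all"` would keep the dependency visible. The release-packages.sh hunk that follows removes its copy of the list while `targets=${all[@]}` stays as context, and no matching `source` line is visible in that hunk. If that script does not already load utils.sh outside the hunk, `targets` expands to nothing and the release run would presumably publish no packages without reporting an error. A guard after the source, for example `[[ ${#all[@]} -gt 0 ]] || { echo "no default targets defined" >&2; exit 1; }`, would make that failure explicit in both scripts.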
@@ -12,6 +12,18 @@ # See the License for the specific language governing permissions and # limitations under the License. +# This list represents the distribution-architecture pairs that are actually published +# to the relevant repositories. This targets forwarded to the build-all-components script +# can be overridden by specifying command line arguments. +all=( + centos7-x86_64 + centos8-aarch64 + centos8-ppc64le + centos8-x86_64 + ubuntu18.04-amd64 + ubuntu18.04-arm64 + ubuntu18.04-ppc64le +) # package_type returns the packaging type (deb or rpm) for the specfied distribution. # An error is returned if the ditribution is unsupported.